Re: [PATCH v23 01/22] vfs: Add IS_ACL() and IS_RICHACL() tests

From: Jeff Layton
Date: Tue Jul 05 2016 - 07:00:28 EST

Next message: Geert Uytterhoeven: "Re: [PATCH 06/10] clk: samsung make clk-exynos-audss explicitly non-modular"
Previous message: Qiang Zhao: "RE: [PATCH 1/2] qe/ic: move qe_ic_init from platforms to irqchip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2016-06-30 at 15:46 +0200, Andreas Gruenbacher wrote:
> The vfs does not apply the umask for file systems that support acls.
> The test used for this used to be called IS_POSIXACL().ÂÂSwitch to a new
> IS_ACL() test to check for either posix acls or richacls instead.ÂÂAdd a
> new MS_RICHACL flag and IS_RICHACL() test for richacls alone.ÂÂThe
> IS_POSIXACL() test is still needed in some places like nfsd.
>
> Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
> Reviewed-by: J. Bruce Fields <bfields@xxxxxxxxxx>
> Reviewed-by: Andreas Dilger <adilger@xxxxxxxxx>
> Reviewed-by: Steve French <steve.french@xxxxxxxxxxxxxxx>
> ---
> Âfs/KconfigÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ3 +++
> Âfs/namei.cÂÂÂÂÂÂÂÂÂÂÂÂÂÂ|ÂÂ6 +++---
> Âinclude/linux/fs.hÂÂÂÂÂÂ| 12 ++++++++++++
> Âinclude/uapi/linux/fs.h |ÂÂ3 ++-
> Â4 files changed, 20 insertions(+), 4 deletions(-)
>
> diff --git a/fs/Kconfig b/fs/Kconfig
> index b8fcb41..de6de55 100644
> --- a/fs/Kconfig
> +++ b/fs/Kconfig
> @@ -64,6 +64,9 @@ endif # BLOCK
> Âconfig FS_POSIX_ACL
> Â def_bool n
> Â
> +config FS_RICHACL
> + def_bool n
> +
> Âconfig EXPORTFS
> Â tristate
> Â
> diff --git a/fs/namei.c b/fs/namei.c
> index 70580ab..7cc5487 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -3115,7 +3115,7 @@ static int lookup_open(struct nameidata *nd, struct path *path,
> Â Â* O_EXCL open we want to return EEXIST not EROFS).
> Â Â*/
> Â if (open_flag & O_CREAT) {
> - if (!IS_POSIXACL(dir->d_inode))
> + if (!IS_ACL(dir->d_inode))
> Â mode &= ~current_umask();
> Â if (unlikely(!got_write)) {
> Â create_error = -EROFS;
> @@ -3709,7 +3709,7 @@ retry:
> Â if (IS_ERR(dentry))
> Â return PTR_ERR(dentry);
> Â
> - if (!IS_POSIXACL(path.dentry->d_inode))
> + if (!IS_ACL(path.dentry->d_inode))
> Â mode &= ~current_umask();
> Â error = security_path_mknod(&path, dentry, mode, dev);
> Â if (error)
> @@ -3780,7 +3780,7 @@ retry:
> Â if (IS_ERR(dentry))
> Â return PTR_ERR(dentry);
> Â
> - if (!IS_POSIXACL(path.dentry->d_inode))
> + if (!IS_ACL(path.dentry->d_inode))
> Â mode &= ~current_umask();
> Â error = security_path_mkdir(&path, dentry, mode);
> Â if (!error)
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index dd28814..4ad130c 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1850,6 +1850,12 @@ struct super_operations {
> Â#define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE)
> Â#define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL)
> Â
> +#ifdef CONFIG_FS_RICHACL
> +#define IS_RICHACL(inode) __IS_FLG(inode, MS_RICHACL)
> +#else
> +#define IS_RICHACL(inode) 0
> +#endif
> +
> Â#define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD)
> Â#define IS_NOCMTIME(inode) ((inode)->i_flags & S_NOCMTIME)
> Â#define IS_SWAPFILE(inode) ((inode)->i_flags & S_SWAPFILE)
> @@ -1863,6 +1869,12 @@ struct super_operations {
> Â Â(inode)->i_rdev == WHITEOUT_DEV)
> Â
> Â/*
> + * IS_ACL() tells the VFS to not apply the umask
> + * and use check_acl for acl permission checks when defined.
> + */
> +#define IS_ACL(inode) __IS_FLG(inode, MS_POSIXACL | MS_RICHACL)
> +
> +/*
> Â * Inode state bits.ÂÂProtected by inode->i_lock
> Â *
> Â * Three bits determine the dirty state of the inode, I_DIRTY_SYNC,
> diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
> index 3b00f7c..f9c41ef 100644
> --- a/include/uapi/linux/fs.h
> +++ b/include/uapi/linux/fs.h
> @@ -120,7 +120,7 @@ struct inodes_stat_t {
> Â#define MS_VERBOSE 32768 /* War is peace. Verbosity is silence.
> Â ÂÂÂMS_VERBOSE is deprecated. */
> Â#define MS_SILENT 32768
> -#define MS_POSIXACL (1<<16) /* VFS does not apply the umask */
> +#define MS_POSIXACL (1<<16) /* Supports POSIX ACLs */
> Â#define MS_UNBINDABLE (1<<17) /* change to unbindable */
> Â#define MS_PRIVATE (1<<18) /* change to private */
> Â#define MS_SLAVE (1<<19) /* change to slave */
> @@ -130,6 +130,7 @@ struct inodes_stat_t {
> Â#define MS_I_VERSION (1<<23) /* Update inode I_version field */
> Â#define MS_STRICTATIME (1<<24) /* Always perform atime updates */
> Â#define MS_LAZYTIME (1<<25) /* Update the on-disk [acm]times lazily */
> +#define MS_RICHACL (1<<26) /* Supports richacls */
> Â
> Â/* These sb flags are internal to the kernel */
> Â#define MS_NOSEC (1<<28)

Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>

Next message: Geert Uytterhoeven: "Re: [PATCH 06/10] clk: samsung make clk-exynos-audss explicitly non-modular"
Previous message: Qiang Zhao: "RE: [PATCH 1/2] qe/ic: move qe_ic_init from platforms to irqchip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]